CAR HACKING is a definite thing, particularly now that security researchers have cracked the WiFi access point of a Mitsubishi Outlander and dicked around with its connected systems.
Some champs with ‘1337 haxxor skills’ from security penetration testing firm Pen Test Partners discovered that the Mitsubishi Outlander hybrid electric vehicle uses a weak WiFi access security key, which can be accessed through a brute force attack.
"The WiFi pre-shared key is written on a piece of paper included in the owner's manual. The format is too simple and too short. We cracked it on a 4 x GPU cracking rig in less than four days," the researchers explained.
"A much faster crack could be achieved with a cloud hosted service, or by buying more GPUs."
The researchers were able to use a man-in-the-middle attack between a driver’s home WiFi network and the car's access module to intercept data going from a Mitsubishi smartphone app used to control some of the Outlander’s functions.
They were then able to replay various messages sent from the app to the car and work out the binary protocols for the messages. With a bit of hacker brainpower the researchers were able to figure out how to turn the car’s lights on and off, mess with the charging cycle and turn on the air conditioning, all of which drain the car’s battery.
This would seem useful only for a bit of elaborate trolling, but the researchers found that they could also exploit the security hole to switch off the car’s anti-theft alarm, allowing it to be nicked by car thieves.
There are a few short- to medium-term fixes, according to the researchers, but ultimately Mitsubishi may have to recall the Outlander to fix the problem. Not great news for the carmaker.
Connected car hacking is beginning to become a bit of theoretical headache for tech firms and car companies, as seen with Intel’s launch of its Automotive Security Review Board. µ
The week in Google in brief
Sega hedgehogging its bets
And not a purple duck in sight